Exim and authenticated relaying via TLS/SSL + LDAP

This information can be obtained by understanding and reading the exim docs,
but some people are impatient, so here is my way how I allow my users to relay
mails through my server via a secure connection and authentication. The cool
part is that non-RFC-behaving Outlook + Outlook Express is also supported with
these configuration directives.

In your authenticators section (usually at the very bottom of the
exim-configuration file) add this:

This assumes you also have a valid ssl-key and a valid ssl-certificate in
/etc/exim4/ (can also be self-signed).

And finally you have to edit your ACL(s) to let the mail through - find a
"good" place (good means rather on the top of your ACL's before you deny
things) in your ACL and add accept authenticated = * - this is a part of
my example-ACL:

acl_check_rcpt:
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
# testing for an empty sending host field.
accepthosts = :
# Deny if the local part contains @ or % or / or | or !. These are rarely
# found in genuine local parts, but are often tried by people looking to
# circumvent relaying restrictions.
# Also deny if the local part starts with a dot. Empty components aren't
# strictly legal in RFC 2822, but Exim allows them because this is common.
# However, actually starting with a dot may cause trouble if the local part
# is used as a file name (e.g. for a mailing list).
denylocal_parts = ^.*[@%!/|] : ^\\.
# Accept mail to postmaster in any local domain, regardless of the source,
# and without verifying the sender.
acceptlocal_parts = postmasterdomains = +local_domains# Deny unless the sender address can be verified.
requireverify = senderacceptauthenticated = *

… and this is it. Hope you will find this useful. Sometimes it's a little
hard to get this work, but it's a cool feature if it finally does what you
want. You can also authenticate against something else, needn't be LDAP, but
you will have to read the exim docs to achieve that.